Adding new WAN Connection - Ping Yes, Use No

  • I am adding a second WAN port (Verizon connection) to an existing PFSense installation.

    The Network looks like this:
                      _____________  |            |
    –-- Comcast ---- | em0        |                    ____________________
                      |            |                    |                    |
                      | pfsense  em1|-------- LAN -------| PC @ |
                      |            |        |____________________|
    ---- Verizon ---- | ue0        |          |_____________|

    1. I have my interface and gateway added and routes to allow traffic. The gateway monitor for the new interface is set to and shows green on Status –> Gateways page.

    2. I can ping from the LAN side all the way to the GW address, but I can't get webGUI of the gateway router connected there.

    3. If I move my PC to the 10.1.1.x network I can log into the webGUI.

    What am I missing in my config?  What would you look at/for?


    a very frustrated padapa

  • are you missing NAT on the new wan?

  • I would think if NAT wasn't working, I wouldn't be able to ping the gateway address???

    Applied to the LAN interface I have a new rule that looks like this:

    and in the outbound NAT setting I have this:

    I am preparing to send all traffic out the new port, once it's working.

    Heper, what else can I show you so you can help me see the issue?


  • @heper:

    are you missing NAT on the new wan?

    So where do I check that?

    BTW… I can ping out to the next IP interface on the front of the Verizon path (, but can't see it's webgui either??? >:(

    If I do a traceroute to a public address like it fails to see beyond the path to and like this:

    traceroute to (, 64 hops max, 52 byte packets
    1 (  3.967 ms  3.045 ms  3.038 ms
    2 (  9.783 ms  4.958 ms  4.836 ms
    3  * * *
    4  * * *
    5  * * *

    If I traceroute on the Verizon interface, I see the following:  (So I know the outbound path is working correctly.)

    traceroute to (, 64 hops max, 52 byte packets
    1  my.jetpack (  144.029 ms *  3.016 ms (  47.605 ms  40.756 ms  39.191 ms (  35.273 ms  44.141 ms  36.294 ms (  41.110 ms  37.837 ms  46.419 ms (  33.923 ms  37.562 ms  30.134 ms

    Any more ideas?


  • I was checkin the system logs and found this:  kernel: arpresolve: can't allocate llinfo for on ue0

    ue0 is my new wireless WAN connection.  It is a USB to Ethernet adapter…

    I can ping all the way out to public addresses, but I still can't use port 80/443 for webGUI access to anything?

    Any Ideas??? Anyone!

  • You need an additional outbound NAT rule to get traffic for the gateway router UI originating from the correct subnet.

    | Interface: | USB_VZN_WWAN |
    | Protocol: | any |
    | Source: | any |
    | Destination: | Network:, Port:<leave blank=""></leave> |
    | Translation: | Address: Interface address, Port: <leave blank="">, Static port:</leave> |

    You might have to make this rule higher priority (i.e. above) the automatically created rule to get everything working correctly.